| Line | Status | Comments |
|---|---|---|
| C:\WINDOWS\System32\smss.exe | Legitimate | Process found in system process library |
| C:\WINDOWS\system32\winlogon.exe | Legitimate | Process found in system process library |
| C:\WINDOWS\system32\services.exe | Legitimate | In most cases it is a legitimate system process; only sometimes it can be used by malicious software |
| C:\WINDOWS\system32\lsass.exe | Legitimate | Process found in system process library |
| C:\WINDOWS\system32\svchost.exe | Legitimate | Process found in system process library |
| C:\WINDOWS\System32\svchost.exe | Legitimate | Process found in system process library |
| C:\Program Files\blueyonder\PCguard\fws.exe | Unknown | No exact entries found |
| C:\WINDOWS\system32\spoolsv.exe | Legitimate | Process found in system process library |
| C:\Program Files\Common Files\Command Software\dvpapi.exe | Unknown | No exact entries found |
| C:\WINDOWS\system32\nvsvc32.exe | Legitimate | Item found in 2-spyware.com library. NVIDIA related software. |
| C:\WINDOWS\system32\svchost.exe | Legitimate | Process found in system process library |
| C:\WINDOWS\Explorer.EXE | Legitimate | Process found in system process library |
| C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe | Legitimate | Item found in 2-spyware.com library. Checks if there are new versions of Java available. |
| C:\Program Files\blueyonder\PCguard\RPS.exe | Unknown | No exact entries found |
| C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe | Legitimate | Item found in 2-spyware.com library. An essential part of Microsoft AntiSpyware. It is required to run and control the program. |
| C:\WINDOWS\system32\rundll32.exe | Legitimate | Process found in system process library |
| c:\progra~1\intern~1\iexplore.exe | Legitimate | Process found in system process library. |
| C:\Program Files\Internet Explorer\iexplore.exe | Legitimate | Process found in system process library |
| C:\Documents and Settings\ray1\Desktop\HijackThis.exe | Legitimate | Item found in 2-spyware.com library. This is the main component of HijackThis security application, designed to perform system scans and... |
| R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cwcwxptkdcsagqf.com/5PJ44gotAkRoE7K/L8u0f46LjgfXEhNI8u5zzNv_ANZ0qe1zKgXD23N6bd3SEJEb .cgi | Not necessary | http://www.cwcwxptkdcsagqf.com/5PJ44gotAkRoE7K/L8u0f46LjgfXEhNI8u5zzNv_ANZ0qe1zKgXD23N6bd3SEJEb .cgi is your Search Bar. If you do not like this fact, fix this item. |
| O1 - Hosts: 83.142.229.198 ev5.neondragon.net | Questionable | Do you want a URL address "ev5.neondragon.net" to be redirected to "83.142.229.198" when you type it? If not, then fix this |
| O1 - Hosts: 83.142.229.198 images.neondragon.net | Questionable | Do you want a URL address "images.neondragon.net" to be redirected to "83.142.229.198" when you type it? If not, then fix this |
| O1 - Hosts: 83.142.229.198 irc.neondragon.net | Questionable | Do you want a URL address "irc.neondragon.net" to be redirected to "83.142.229.198" when you type it? If not, then fix this |
| O1 - Hosts: 83.142.229.198 wiki.neondragon.net | Questionable | Do you want a URL address "wiki.neondragon.net" to be redirected to "83.142.229.198" when you type it? If not, then fix this |
| O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\blueyonder\PCguard\pkR.dll | Legitimate | Legitimate BHO toolbar, related to Zero Knowledge Freedom |
| O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll | Legitimate | Legitimate BHO toolbar, related to SpyBot Search&Destroy |
| O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\blueyonder\PCguard\FBHR.dll | Legitimate | Legitimate BHO toolbar, related to Zero Knowledge Freedom |
| O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE | Legitimate | System item according to inner database. Related to Realtek Avance Logic soundcards. SOUNDMAN.EXE provides system tray access to a variety of... |
| O4 - HKLM\..\Run: [nwiz] nwiz.exe /install | Legitimate | System item according to inner database. Nwiz.exe is related to nVidia graphic cards drivers. Long name - NVIDIA nView Wizard... |
| O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit | Legitimate | System item according to inner database. Rundll32.exe loads and runs 32-bit DLLs. Rundll32.exe comes with all versions of Microsoft Windows.... |
| O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" | Legitimate | Application program item according to inner database. An essential component of Microsoft AntiSpyware. |
| O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe | Legitimate | Application program item according to inner database. Checks if there are new versions of Java available. |
| O4 - HKLM\..\Run: [PCguard] "C:\Program Files\blueyonder\PCguard\RPS.exe" | Unknown | No exact entries found |
| O4 - HKLM\..\Run: [naz] C:\WINDOWS\naz.exe | Unknown | No exact entries found |
| O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup | Legitimate | System item according to inner database. Rundll32.exe loads and runs 32-bit DLLs. Rundll32.exe comes with all versions of Microsoft Windows.... |
| O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime | Legitimate | Application program item according to inner database. Provides system tray access to Apple's Quicktime Player. Located in "C:\Program Files\QuickTime\".... |
| O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k | Questionable | Questionable item according to our database |
| O4 - HKCU\..\Run: [Sect 4] C:\DOCUME~1\ray1\APPLIC~1\gpltype\Window 64 Skip.exe | Unknown | No exact entries found |
| O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll | Not necessary | This item represents an extra button in your IE toolbar without a name and points to file 'C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll'. If you do not want it to be there, fix this item. |
| O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll | Not necessary | This item represents an extra menu item in your Tools menu in IE with a name 'Sun Java Console' and points to file 'C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll'. If you do not want it to be there, fix this item. |
| O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe | Not necessary | This item represents an extra button in your IE toolbar with a name 'Messenger' and points to file 'C:\Program Files\Messenger\msmsgs.exe'. If you do not want it to be there, fix this item. |
| O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe | Not necessary | This item represents an extra menu item in your Tools menu in IE with a name 'Windows Messenger' and points to file 'C:\Program Files\Messenger\msmsgs.exe'. If you do not want it to be there, fix this item. |
| O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab | Questionable | Are you using an ActiveX object with a name 'Checkers Class' located in 'http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab'? If not, fix this item. |
| O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB | Questionable | Are you using an ActiveX object with a name 'DD_v4.DDv4' located in 'http://www.drivershq.com/DD_v4.CAB'? If not, fix this item. |
| O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab | Questionable | Are you using an ActiveX object with a name 'MessengerStatsClient Class' located in 'http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab'? If not, fix this item. |
| O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409 | Questionable | Are you using an ActiveX object with a name 'Windows Genuine Advantage Validation Tool' located in 'http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409'? If not, fix this item. |
| O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll | Questionable | Are you using an ActiveX object with a name 'YInstStarter Class' located in 'C:\Program Files\Yahoo!\Common\yinsthelper.dll'? If not, fix this item. |
| O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab | Questionable | Are you using an ActiveX object with a name 'Wwlaunch Control' located in 'http://www.worldwinner.com/games/shared/wwlaunch.cab'? If not, fix this item. |
| O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab | Questionable | Are you using an ActiveX object with a name 'MessengerStatsClient Class' located in 'http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab'? If not, fix this item. |
| O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v45/wof/wof.cab | Questionable | Are you using an ActiveX object with a name 'WoF Control' located in 'http://www.worldwinner.com/games/v45/wof/wof.cab'? If not, fix this item. |
| O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab | Questionable | Are you using an ActiveX object with a name 'MsnMessengerSetupDownloadControl Class' located in 'http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab'? If not, fix this item. |
| O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab | Questionable | Are you using an ActiveX object with no name located in 'http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab'? If not, fix this item. |
| O16 - DPF: {BB95299D-B65B-47E0-8DDB-697A66298C3A} (UniVoiceX Control) - http://webcamnow.com/fs5/voice/voice.cab | Questionable | Are you using an ActiveX object with a name 'UniVoiceX Control' located in 'http://webcamnow.com/fs5/voice/voice.cab'? If not, fix this item. |
| O16 - DPF: {D19781C5-2051-44F8-8445-DDC82933C191} (VacPro.internazionale_ver11) - http://advnt01.com/dialer/internazionale_ver11.CAB | Questionable | Are you using an ActiveX object with a name 'VacPro.internazionale_ver11' located in 'http://advnt01.com/dialer/internazionale_ver11.CAB'? If not, fix this item. |
| O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://gamingclub.microgaming.com/gamingclub/FlashAX.cab | Questionable | Are you using an ActiveX object with a name 'FlashXControl Object' located in 'https://gamingclub.microgaming.com/gamingclub/FlashAX.cab'? If not, fix this item. |
| O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab | Questionable | Are you using an ActiveX object with a name 'MSN Chat Control 4.5' located in 'http://chat.msn.com/bin/msnchat45.cab'? If not, fix this item. |
| O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/hotmail-uk/TrueInstallHotmailUK.exe | Questionable | Are you using an ActiveX object with no name located in 'http://www.trueswitch.com/hotmail-uk/TrueInstallHotmailUK.exe'? If not, fix this item. |
| O20 - AppInit_DLLs: C:\WINDOWS\system32\wmfhotfix.dll | Unknown | No exact entries found |
| O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe | Legitimate | Command Software Systems, Inc. - antivirus |
| O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\blueyonder\PCguard\fws.exe | Unknown | No exact entries found |
| O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe | Legitimate | Item found in 2-spyware.com database. NVIDIA related... |